check_for_spam_reply_to() uses get_address_commonality_ratio(), which checks
to see how many characters the two addresses have in common. Why not compare
the domains of the hosts for equality? Take the last three parts of the
hostname for two letter TLDs ("foobar.co.uk") and the last two parts for
everything else ("foobar.info") and compare them.
I'm guessing that there's places that either have different TLDs in their
Reply-To (sent from "foobar.com" and reply to "foobar.net"), or have slightly
different general domains (sent from "foobar1.com" and reply to
"foobar2.com"). How common is this? How many false positives would be
gotten if the domain names were compared for complete equality?
Also, why are the user names included in the comparison? If the from and
reply-to user names are long and very different, but come from the exact same
domain, I wouldn't consider this spamish, but it might set of the rule as it
currently stands.
--
Visit http://dmoz.org, the world's | Give a man a match, and he'll be warm
largest human edited web directory. | for a minute, but set him on fire, and
| he'll be warm for the rest of his life.
[EMAIL PROTECTED] ICQ: 132152059 |
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
